You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.
Subject | JAVA Property | Explanation | Type | Default | |
---|---|---|---|---|---|
Security | blueriq.security.click-jacking-protection.enabled | Turn clickjack protection on/off. For more information go to Security: Clickjacking protection. | Boolean | true |
|
blueriq.security.click-jacking-protection.content-security-policy.default-src | Set the location where content can be loaded from, if no more specific value (for example font for where fonts can be loaded from) is given there is a fallback to this value. For more information see Security: Clickjacking protection. | String | 'self' |
| |
blueriq.security.click-jacking-protection.content-security-policy.script-src | Set the location where scripts can be loaded from. For more information see Security: Clickjacking protection. | String | 'self' |
| |
blueriq.security.click-jacking-protection.content-security-policy.style-src | Set the location where stylesheets can be loaded from. For more information see Security: Clickjacking protection. | String | 'self' |
| |
blueriq.security.click-jacking-protection.content-security-policy.font-src | Set the location where fonts can be loaded from. For more information see Security: Clickjacking protection. | String | 'self' |
| |
blueriq.security.click-jacking-protection.content-security-policy.img-src | Set the location where images can be loaded from. For more information see Security: Clickjacking protection. | String | 'self' |
| |
blueriq.security.click-jacking-protection.content-security-policy.frame-ancestors | Set the valid parent hosts that may embed Blueriq using <frame>, <iframe>, <object>, <embed> or <applet>. For more information see Security: Clickjacking protection. Available since Blueriq 14.4. Note that Content Security Policy is not supported by Internet Explorer, so this setting will not have an effect on users that still use Internet Explorer. | String | 'self' |
| |
blueriq.security.csrf-protection.enabled | Turn Cross Site Request Forgery protection on/off. For more information go to Security: Cross-site scripting protection. | Boolean | true |
| |
blueriq.security.referrer-policy.enabled | Enables mechanism of adding Referrer-Policy header to all outgoing requests. | Boolean | true | | |
blueriq.security.referrer-policy.policy | Set the Referrer-Policy header value different than default. | String | referrerorigin | | |
blueriq.security.x-content-type-protection.enabled | Add the X-Content-Type-Options header to responses to protect against MIME type sniffing. For more information go to Security: Content sniffing protection. | Boolean | true |
| |
blueriq.security.xss-protection.enabled | Turn cross site scripting protection protection on/off. For more information go to Security: Cross-site scripting protection. | Boolean | true |
| |
blueriq.security.xss-protection.header.enabled | Turn the X-XSS-Protection HTTP header on/off. | Boolean | true |
| |
blueriq.security.xss-protection.request-body-validation.enabled | Enable the X-XSS-Protection on request body. | Boolean | true |
| |
blueriq.security.xss-protection.request-parameter-validation.enabled | Enable the X-XSS-Protection on request parameters. | Boolean | true |
| |
blueriq.security.xss-protection.request-url-validation.enabled | Enable the X-XSS-Protection on request url. | Boolean | true |
| |
blueriq.security.xss-protection.multipart-request-validation.enabled | Enable the X-XSS-Protection on multipart request. | Boolean | true |
| |
blueriq.security.xss-protection.blacklist.enabled | Turn the XSS blacklist on/off. | Boolean | true |
| |
blueriq.security.xss-protection.whitelist.enabled | Turn the XSS whitelist on/off. | Boolean | true |
| |
blueriq.security.xss-protection.whitelist.allowed-protocols | Set the whitelisted protocols in URI attributes. Example value: 'http,https,mailto' | Comma separated string | empty |
| |
blueriq.security.xss-protection.whitelist.allowed-tags | Set the whitelisted HTML tags. Example value: 'b,img' | Comma separated string | empty |
| |
blueriq.security.xss-protection.whitelist.allowed-global-attributes | Set the whitelisted attributes allowed on any whitelisted HTML tag. Example value: 'class,title' | Comma separated string | empty |
| |
blueriq.security.xss-protection.whitelist.allowed-attributes.<tag> | Set the whitelist attributes allowed on a specific whitelisted HTML tag. Example key: 'blueriq.security.xss-protection.whitelist.allowed-attributes.h1' Example value: 'class' | Key: string Value: comma separated string | empty |
| |
blueriq.security.xss-protection.whitelist.uri-attributes.<tag>=<attr1>,<attr2> | Mark which attributes are URI attributes and are subject to the allowed protocols rule. In Java, URI attributes can be defined per tag. In .NET, URI attributes can be defined only globally. | Key: string Value: comma separated string | empty |
| |
blueriq.security.xss-protection.whitelist.max-loop-count | Define a limit on the number of sanitization iterations. | Integer | 5 |
| |
blueriq.security.xxe-protection.enabled | Enable XML External Entity (XXE) protection. | Boolean | true |
| |
blueriq.security.xxe-protection.disallow-doctype-decl | Disallow doctype declaration processing in XML-files. Protection is enabled when set to: true. | Boolean | true |
| |
blueriq.security.xxe-protection.load-external-dtd | Enable loading external DTDs in XML-files. Protection is enabled when set to: false. | Boolean | false |
| |
blueriq.security.xxe-protection.external-general-entities | Enable processing external general entities in XML-files. Protection is enabled when set to: false. | Boolean | false |
| |
blueriq.security.xxe-protection.external-parameter-entities | Enable processing external parameter entities in XML-files. Protection is enabled when set to: false. | Boolean | false |
| |
blueriq.security.xxe-protection.xinclude-aware | Enable processing of XML Inclusions (XInclude) in XML-files. Protection is enabled when set to: false. | Boolean | false |
| |
blueriq.security.xxe-protection.expand-entity-references | Enable expansion of entity references in XML-files. Protection is enabled when set to: false. | Boolean | false |
| |
blueriq.security.http.restricted-methods | Specify the methods that should not be allowed while doing HTTP calls. For more information go to Security: Block HTTP Methods. Example value: 'head,get,post,options' | Comma separated string | empty |
| |
blueriq.security.http.runtime.enabled | This property if true enables the default secured access to the runtime interactions. | Boolean | true |
| |
blueriq.security.login-type | Defines the login type used in Blueriq. If openid-connect is chosen, openid-connect properties have to be defined as well. | One of:
| 'form-login' |
| |
blueriq.security.redirect-url-whitelist | Define a whitelist of URLs where the user can be redirected to. If the If the list is empty, any URL is accepted up to version 14.x. From 15.0 onwards, no URLs are accepted when an empty list is provided. | Comma separated list | empty |
| |
blueriq.security.keystore.location | The path to the keystore file to be used as repository for security certificates. | Spring Resource | empty |
| |
blueriq.security.keystore.password | The password of the keystore. | String | empty |
| |
blueriq.security.keystore.default-certificate | Default certificate used to verify signatures when no KeyInfo is provided in the request. | String | empty | ||
blueriq.security.truststore.location | The path to the trust store containing the public keys/certificates of external hosts that should be trusted. This indicates the trust store that is used for the Soap Service Client. | Spring Resource | empty |
| |
blueriq.security.truststore.password | The password for the truststore file. | String | empty |
| |
blueriq.security.truststore.default-certificate | Default certificate used to verify signatures when no KeyInfo is provided in the request. | String | empty | ||
blueriq.security.bcrypt-strength | Define the BCrypt strength for password hashing. BCrypt is the default encoder in Blueriq. Applicable values: number between 4-30 Performance impact The higher the number the higher the hashing complexity but also the work to calculate the hash. Each increment is twice as much work. Introduced in version 12.13. | Integer | 10 |
| |
blueriq.security.session-fixation-protection.enabled | Turn session fixation on/off. For more information, see Security: Session Fixation protection. Introduced in versions 14.11, 13.13.18 and 12.13.39. | Boolean | true |
| |
blueriq.security.cors.enabled | Enable response headers related to Cross-Origin Resource Sharing. When disabled, the Same-origin policy implemented in web browsers does not allow scripts with a different origin to call Runtime endpoints. This is the secure default. | Boolean | false |
| |
blueriq.security.cors.allowed-origins | Specify origins for the Access-Control-Allow-Origin response header. | Comma separated string | empty |
| |
blueriq.security.cors.allowed-methods | Specify methods for the Access-Control-Allow-Methods response header. | Comma separated string | empty |
| |
blueriq.security.cors.allowed-headers | Specify headers for the Access-Control-Allow-Headers response header. | Comma separated string | empty |
| |
blueriq.security.cookie-same-site.enabled | Turn on the same site attribute for the cookies in blueriq. for more information see: Security: SameSite. Introduced in version 15.0. | Boolean | true |
| |
blueriq.security.cookie-same-site.value | Define the value for the same site attribute for the cookies in blueriq. for more information see: Security: SameSite. Introduced in version 15.0. | String | 'strict' |
|